We’ve just added a new blog post about taint analysis:
He covered a wet, hacking cough with his hand, then pushed through the door off the ward. I reached the same door, and hesitated. The Cougher had just tainted the door with his germs. If I touched it, I’d be tainted too.
These days we all know what germs are and how they’re passed from person to person, and from hand to door to hand. The fact is that, particularly in cold and flu season, you have to regard every doorknob and every elevator button as suspicious. You always wash your hands afterward, because you never know which doorknob is tainted with germs. You have to assume they all are.
And the same is true for the data you get from your users. Not every user is a bad actor. In fact, most aren’t. But some are. Some want to infect your systems - to get access to your users, their passwords, their mothers’ maiden names, and anything else they can sell - and they’ll do anything to accomplish that. So you have to treat every user’s data as if it contained the plague, and sanitize accordingly.